Question to the Department for Digital, Culture, Media & Sport:

To ask Her Majesty's Government what recent steps they have taken to ensure that large technology organisations are complying with regulations on personal data.

All organisations in the UK which process personal information, whether large or small, have to comply with the requirements of the UK General Data Protection Regulation and the Data Protection Act 2018. The legislation also applies to organisations based outside the UK which are processing UK residents’ data for the purposes of providing goods and services or monitoring behaviour.

The legislation is administered and enforced independently of HM Government by the Information Commissioner’s Office (ICO). The ICO has a range of enforcement tools to tackle non-compliance, including the power to impose civil monetary penalties of up £17.5 million or 4% of annual global turnover, whichever is greater. Details of enforcement action taken by the ICO can be found on its website.